X.org Server 21.1.14 Update Fixes Vulnerability

The X.Org project has released corrective updates: X.Org Server 21.1.14 and xwayland 24.1.4, the component that runs X11 applications in a Wayland environment. The new versions address a vulnerability (CVE-2024-9632) that could be exploited on systems where the X server runs with root privileges. The updates also prevent remote code execution in configurations where an X11 session is accessed via SSH.

The vulnerability was identified in the `_XkbSetCompatMap()` function and occurs when it attempts to change the size of the `sym_interpret` buffer while processing a specially crafted bitmap. The resize logic changed only the `num_si` value and left the `size_si` value unchanged. This issue has been present since the release of xorg-server 1.1.1 in 2006.
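The bookkeeping mismatch described above, shown as an added example in a simplified model (this is not X.Org source code). The `interp_t` and `compat_t` types, the `alloc` field and all function names are assumptions made for illustration; only `sym_interpret`, `num_si` and `size_si` come from the article.

```c
#include <stdio.h>
#include <stdlib.h>
/* Simplified model, not the X server's types: the three fields the article
 * names plus `alloc`, a hypothetical field recording the real allocation. */
typedef struct { unsigned char raw[16]; } interp_t;   /* placeholder element */
typedef struct {
    interp_t *sym_interpret;  /* heap buffer */
    unsigned  num_si;         /* entries in use */
    unsigned  size_si;        /* entries the code believes are allocated */
    unsigned  alloc;          /* entries really allocated (model only) */
} compat_t;

static int do_realloc(compat_t *c, unsigned n)
{
    interp_t *p = n ? realloc(c->sym_interpret, (size_t)n * sizeof(*p)) : NULL;
    if (p == NULL) return -1;              /* also rejects n == 0 */
    c->sym_interpret = p;
    c->alloc = n;
    return 0;
}

/* Defect as described: the count changes, the recorded capacity goes stale. */
int resize_stale(compat_t *c, unsigned n)
{
    if (do_realloc(c, n) != 0) return -1;
    c->num_si = n;
    return 0;
}

/* Corrected bookkeeping: count and capacity are updated together. */
int resize_synced(compat_t *c, unsigned n)
{
    if (do_realloc(c, n) != 0) return -1;
    c->num_si = c->size_si = n;
    return 0;
}

/* Later code judges "does entry idx fit?" by size_si, not by the allocation. */
int believes_in_bounds(const compat_t *c, unsigned idx) { return idx < c->size_si; }
int really_in_bounds(const compat_t *c, unsigned idx)   { return idx < c->alloc; }
/* Invariant worth asserting after every resize in debug or fuzzing builds. */
int bookkeeping_ok(const compat_t *c)
{ return c->num_si <= c->size_si && c->size_si == c->alloc; }

int main(void)
{
    compat_t c = {0};
    if (resize_synced(&c, 8) || resize_stale(&c, 4)) return 1;
    printf("ok=%d\n", bookkeeping_ok(&c));
    free(c.sym_interpret);
    return 0;
}
```

After the stale resize, index 6 still passes the `size_si` check although only 4 entries are allocated, which is the condition a heap write would then violate.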
